How to Disable External Sharing in SharePoint Online?
Requirement: Disable external sharing in SharePoint Online using PowerShell
How to Disable External Sharing in SharePoint Online?
External sharing in SharePoint Online is a feature that enables users to share documents and content outside the organization with people who are not members of your organization, such as vendors, customers, consultants, etc. However, many organizations don’t want to open sharing because of security reasons! External sharing settings can be controlled at two levels: Tenant-wide and site collection levels.
To turn off external sharing in SharePoint Online at the tenant level, follow these steps:
- Login to SharePoint Online Admin Center as a global admin or SharePoint Online administrator.
- From the left navigation, expand “Policies” and click on “Sharing”.
- Change the Sharing Settings for SharePoint Online to “Only people in your organization” to disable external sharing.
- Click on the “Save” button at the bottom to save your changes. This sets only members of the tenant can receive sharing invitations.
OneDrive for Business site’s External sharing settings depends on SharePoint’s Sharing settings! You cannot set OneDrive settings that are more permissive than the SharePoint Online tenant settings. (In other words, OneDrive for Business Sharing settings can be more restrictive than SharePoint Online’s Sharing settings).
If you are using classic admin center, To turn off external sharing, do the following:
- Under the “Sharing outside your organization” section, set the sharing option to “Don’t allow sharing outside your organization”.
- Click on the “OK” button at the bottom to save your changes.
This prevents all users on all sites from sharing sites or sharing content on sites with external users.
Disable External Sharing in SharePoint Online using PowerShell:
We wanted to disable external sharing entirely for the organization.
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Disable external sharing for the tenant
Set-SPOTenant -SharingCapability Disabled
The same can be achieved with PnP PowerShell as:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Disable External Sharing for the tenant
Set-PnPTenant -SharingCapability Disabled
Disable External Sharing at Site Collection Level:
You can also disable external sharing at each individual SharePoint Online site collection. To disable external sharing at the site collection level using the SharePoint Online admin center, follow these steps:
- Go to SharePoint Online Admin Center >> Select the desired Site collection from the list
- Click on the “Sharing” button >> Set the sharing settings to “Only people in the current organization”. Click on “Save” to commit your changes.
Disable External Sharing in SharePoint Online Site Collection using PowerShell
You can use PowerShell to further restrict sharing settings on individual SharePoint sites.
#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteURL="https://crescent.sharepoint.com/sites/operations"
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
#Disable external sharing
Set-SPOSite $SiteURL -SharingCapability "Disabled"
Similarly, To disable external sharing using PnP PowerShell, use:
#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/Purchase"
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
#Disable External Sharing for a site
Set-PnPTenantSite -Url $SiteURL -SharingCapability Disabled
Disable External Sharing for All Sites in the Tenant
External sharing is a great feature in Sharepoint Online that allows you to collaborate with people outside of your organization. However, there are times when you may want to disable this feature for security or compliance reasons. Here is the PowerShell script to disable external sharing on all SharePoint Online site collections:
#Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$ExternalSharingSetting = "Disabled"
Try {
#Connect to Admin center
Connect-PnPOnline -URL $AdminCenterURL -Interactive
#Get all sites where the setting is different from the given parameter - Exclude Seach Center, Redirect sites, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bots
$SiteCollections = Get-PnPTenantSite | Where { $_.URL -like '*/sites*' -and $_.SharingCapability -ne $ExternalSharingSetting -and $_.Template -NotIn `
("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")}
#Loop through each site and enable external sharing
ForEach ($Site in $SiteCollections)
{
#Apply External sharing setting for the site
Set-PnPTenantSite -Url $Site.Url -SharingCapability $ExternalSharingSetting
Write-host "External sharing Setting updated for:" $Site.URL -f Green
}
}
Catch {
Write-host -f Red "Error:" $_.Exception.Message
}
You can verify this in your SharePoint Online admin center, as shown in the image above. To get the list of sites where sharing capability is disabled:
Get-SPOSite | Where {$_. SharingCapability -eq "Disabled"}
To enable external sharing in SharePoint Online, refer to How to Enable External Sharing in SharePoint Online using PowerShell?
Make sure external sharing is enabled, browse to your SharePoint Online site >> Click on Site Settings >> Site Permissions >> Share Site. Enter the E-mail IDs of the external users, select the permission level such as “Read”, and then click on “Share” to add an external user to SharePoint Online.
More info: Grant access to external users in SharePoint Online
You can lock a SharePoint Online site to Read-Only mode, either with site policies or PowerShell.
More info: Set SharePoint Online site to Read-Only
